Onemind-Services-LLC / netbox-secrets

Enhance your secret management with encrypted storage and flexible, user-friendly features.
Apache License 2.0
105 stars 11 forks source link

[Feature]: pass session key in GET/POST requests data #85

Closed artscout closed 10 months ago

artscout commented 1 year ago

NetBox version

v3.5.6

Feature type

Change to existing model

Proposed functionality

Currently session key passed either via Cookie or HTTP request header. While it works with curl I would like to propose functionality to pass it via JSON request data thus enabling usage of pynetbox more easily

Use case

Currently we have to do this to retrieve secrets for device: `netbox_url = netbox_token = private_key_file = with open(private_key_file, 'r') as pkey_file: private_key = pkey_file.read() private_key_data = {'private_key' : private_key, 'preserve_key': True} ntbx = pynetbox.api(netbox_url, netbox_token) device = ntbx.dcim.devices.get(name = ) session_key = None session_data = ntbx.plugins.secrets.session_keys.create(private_key_data) if session_data.session_key: session_key = session_data.session_key

if session_key: session = requests.Session() session.headers = {"X-Session-Key": session_key} ntbx.http_session = session secrets = ntbx.plugins.secrets.secrets.filter(assigned_object_id = device.id) for secret in secrets: pprint(dict(secret)) `

if, for example we can pass session_key via argument of get()/filter() as "session_key = session_key" it would be much easier to retrieve secrets.

tell me what you think about that?

External dependencies

No response

artscout commented 1 year ago

something like this: --- a/netbox-secrets/netbox_secrets/api/views.py +++ b/netbox-secrets/netbox_secrets/api/views.py @@ -91,6 +91,8 @@ class SecretViewSet(NetBoxModelViewSet): session_key = base64.b64decode(request.COOKIES[constants.SESSION_COOKIE_NAME]) elif 'HTTP_X_SESSION_KEY' in request.META: session_key = base64.b64decode(request.META['HTTP_X_SESSION_KEY'])

abhi1693 commented 1 year ago

I appreciate your perspective and understand the implications of this proposal. However, it is important to consider that implementing this change could disrupt numerous existing use cases that are vital for our user base. In order to mitigate potential disruptions, we suggest not proceeding with this modification until after the release of NetBox 3.6, at the earliest.

Furthermore, the adoption of such a change should ideally be underpinned by a broad consensus within our team and user community. Currently, the justifications presented primarily center around convenience, and while we do value streamlining our processes, it is essential to balance this with the potential implications.

I am personally yet to be fully convinced of the need for this change, but I remain open to further discussion and will welcome any compelling reasons that may arise from our continued dialog.

if, for example we can pass session_key via argument of get()/filter() as "session_key = session_key" it would be much easier to retrieve secrets.

This is not valid because any user can only have 1 session key so there does not seem to any reasoning why you would need to run a filter like that.

artscout commented 1 year ago

Sure, that's not a critical feature and we can do eitehr without it or with self-made patch for a time being (which I did and posting below), I did it on my local copy and the only caveat I can detect is that session key is visible in the log of netbox's gunicorn when debug is enabled.

elif request.data.get('session_key', None) is not None: session_key = base64.b64decode(request.data.get('session_key', None)) elif request.GET.get('session_key', None) is not None: session_key = base64.b64decode(request.GET.get('session_key', None))